[原文]The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.

-
漏洞信息

-
漏洞描述

Yahoo! Messenger contains a flaw that may allow a remote denial of service. The issue is triggered due to the processing of arguments in the YMSGR: URL handler links. With a specially crafted request containing certain characters after the first or third colon, a remote attacker can causing the user to be disconnected from the current chat session resulting in a loss of availability.

-
时间线

公开日期:
2005-05-13

发现日期:
Unknow

利用日期:2005-05-13

解决日期:Unknow

-
解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.